Twitter hit by avalanche of malicious tweets

April 24, 2014 - 15:11 AMT

PanARMENIAN.Net - Twitter has been hit by an avalanche of malicious tweets that are being sent by thousands of compromised user accounts. The ongoing attack, which was about two hours old and showed no signs of abating as this post was about to go live, appeared to be linked to security breaches affecting third-party sites and apps, Ars Technica reported.

Early on, every single one of the tweets viewed by Ars contained the tag "via weheartit.com," prompting speculation that the compromised Twitter accounts were linked to the social network by that name, which hosts services for image sharing and promotion. Later on, however, tweets that were part of the same campaign carried tags showing they were transmitted by apps such as Twitter for iPhone, making it unclear exactly what the source of the non-stop torrent was, the report says.

In an e-mail, We Heart It President Dave Williams wrote: "We are definitely seeing some malicious activity which we have now blocked and are investigating further. Unfortunately I don't have any other information I can share at this point."

We Heart It representatives later took to Twitter to say sign-in and sharing over Twitter had been temporarily disabled, according to Ars Technica.

The malicious tweets all contained words that should be familiar to anyone who has ever received spam: "If I didn't try this my life wouldn't have changed." There's also a link that led to hxxp://www.womenshealth.com-april22.us/miracle-garcinia, a site promoting women's health products. Researchers have yet to analyze the site to see if it attempts to surreptitiously install malware on visitors' machines, so readers are advised to avoid the link unless they have experience analyzing malicious sites.

The incident is a potent reminder of how a security lapse at one site or app maker can cascade over to other sites and the millions of people who visit them. We Heart It, which in December said it had 25 million monthly users, allows users to share content directly on Twitter without leaving the site, presumably by using the OAuth authentication mechanism to link accounts between the two sites. For obvious reasons, Twitter for iPhone is also intricately linked to users' Twitter accounts. At this early stage, it's not possible to rule out the possibility that log-in or authentication credentials for accounts that use these two services have been compromised. Out of an abundance of caution, users whose Twitter accounts were commandeered should change passwords now to something strong and unique, Ars Technica says.